Deployment results
The tables provide a reference of the possible errors encountered during deployment. Items in brackets are placeholders for specific items that are identified as appropriate for the environment.
TIP: Third-party devices may not support all security capabilities and features of FactoryTalk Policy Manager. Depending on the device specifications, you may have to adjust your security policy model.
Deployment errors
Error | Description |
---|---|
Cannot read the state of the CIP Security Object for <device name> <endpoint name>. | The system cannot determine whether the device is CIP Security capable. |
Unable to retrieve the list of administered ports for <device name> <endpoint name>. | The system cannot obtain information on device ports. The device may not support ports or CIP Security. |
<device name> does not support configuration for the port. | The device is in a zone that has disabled communication over the specified port. The device does not support individual port configuration. Make sure that the device is CIP Security capable. |
Cannot obtain the list of available encryption methods for <device name> <endpoint name>. | The system cannot determine if the device supports any encryption methods. Check the device specifications. |
Unable to retrieve the list of supported encryption methods for <endpoint name>. | The system cannot retrieve information on which encryption methods are supported by the device. Check the device specifications. |
Unable to set encryption method for <endpoint name>. | The system cannot set which encryption method is used by the device. Update the device firmware. |
Unable to retrieve the pre-shared key from <endpoint name>. | The device does not support pre-shared key authentication, the device lost data, or the device replacement procedure was not followed. Go to the specified zone, generate a new pre-shared key, and redeploy the security policy model. |
Unable to set the pre-shared key from <endpoint name>. | The device does not support pre-shared key authentication, the device lost data, or the device replacement procedure was not followed. Go to the specified zone, generate a new pre-shared key, and redeploy the security policy model. |
Unable to clear the pre-shared key from <endpoint name>. | The previously assigned pre-shared key could not be removed from the device. |
Unable to retrieve the active certificate from <endpoint name>. | The system cannot connect to the Certificate Management Objects on the device. |
Unable to assign a certificate to <endpoint name>. | The system could not switch from the default certificate to a new certificate on the device. |
Unable to create Certificate Management Objects for <endpoint name>. | The system could not create a certificate for the device. The device may have insufficient space. Review the security policy model and check that the number of conduits to the device does not exceed the capacity of the device. Contact the device's manufacturer. |
Unable to retrieve the certificate attributes for <endpoint name>. | The system could not retrieve the certificate from the device. |
Device certificate is invalid or unverified for <endpoint name>. | The device is unable to verify its certificate. |
CA certificate is invalid or unverified for <endpoint name>. | The device is unable to verify the Certificate Authority certificate. |
Unable to delete certificate from <endpoint name>. | The firmware of the device may be preventing the system from deleting the certificate from the device. |
Unable to read certificates from <endpoint name>. | The system could not read the certificate from the device. |
No new identity certificates assigned for <endpoint name>. | The system could not locate expected certificates on the device. |
Unable to obtain the list of trusted authorities for <endpoint name>. | The device cannot access the list of zone certificates. |
Unable to assign a trusted authority certificate for <device name> <endpoint name>. | The device could not access one of its parameters. |
Cannot get Trusted Devices. | The system could not retrieve the list of Trusted Devices from the device. |
Cannot set Trusted Devices. | The system could not set the list of Trusted Devices for the device. |
Cannot obtain a list of Certificate Management Objects for <device name> <endpoint name>. | The system could not retrieve a list of certificates from the device. |
Unable to obtain required file object list on <device name> <endpoint name>. | The system encountered a problem communicating with the device. |
Unable to obtain required file object on <device name> <endpoint name>. | The system encountered a problem communicating with the device. |
Endpoint <path> does not support configuring state of: <protocol> <port number>. | The device does not support the mentioned communication protocol or port. Check if the device supports the protocol or port. |
Cannot read device IE setting from <device name>. | The system encountered a problem with the Ingress/Egress rules on the device. The device may not support this feature. |
Cannot verify IE rules on <device name>. | The system encountered a problem with the Ingress/Egress rules on the device. The device may not support this feature. |
Unable to obtain the max instance for <endpoint name>. | The system encountered a problem with the Ingress/Egress rules on the device. The device may not support this feature. |
Cannot read device IE rules from <device name>. | The system encountered a problem with the Ingress/Egress rules on the device. The device may not support this feature. |
Cannot read device IE rules size from <device name>. | The system encountered a problem with the Ingress/Egress rules on the device. The device may not support this feature. |
Cannot get number of instances from <device name>. | The system encountered a problem with the Ingress/Egress rules on the device. The device may not support this feature. |
Cannot get configuration sequence count from <device name>. | The system encountered a problem with the Ingress/Egress rules on the device. The device may not support this feature. |
Unable to obtain the list of port instances for <endpoint name>, not supported by the device. | The device may not support this feature. Check the list of ports supported by the device and make the required changes in the security policy model. |
Unable to read the proxy instance attributes for <endpoint name>. | The system was unable to retrieve data from the device set as a proxy device in the security policy model. Check if the device has proxy capabilities and if the firmware is proxy-capable. |
Unable to read the number of proxied endpoints supported by <endpoint name>. | The system was unable to retrieve data from the device set as a proxy device in the security policy model. Check if the device has proxy capabilities, if the firmware is proxy-capable, and if the device is connected to a proxied device in the security policy model. |
Unable to set the list of proxied endpoints for the proxy: <endpoint name>. | The system was unable to retrieve data from the device set as a proxy device in the security policy model. Check if the device has proxy capabilities, if the firmware is proxy-capable, and if the device is connected to a proxied device in the security policy model. |
Unable to connect to the endpoint (<device name>) using the <device path>. | Specific to 1756-EN4TR devices in redundant adapter mode. Turn off the redundant adapter mode on the device and redeploy the CIP Security policy. |
Deployment warnings
Warning | Description |
---|---|
Cannot read the Device Identity for the <device name> <endpoint name> | The system is unable to read a CIP Security object containing device identifiers. Make sure that the device is CIP Security capable, cycle power to the device, check physical connection to the device, update the device firmware. |
<device name> does not support configuration for port. | The device has been placed in a zone that has disabled communication over the specified port, but the device does not support the individual port configuration. Make sure that the device is CIP Security capable, update device firmware. |
Device does not support configuration of the DTLS Timeout setting. | Check if the device supports the DTLS Timeout setting, update device firmware, or disable the DTLS Timeout setting. |
Device <device name> cannot configure Trusted IP lists. | Trusted IP Lists are a feature specific to Rockwell Automation/Allen-Bradley devices. Check the device specifications. |
Device <device name> does not support Trusted IP lists. | Trusted IP Lists are a feature specific to Rockwell Automation/Allen-Bradley devices. Check the device specifications. |
Cannot set IE rules on <device name>. | The system encountered a problem with the Ingress/Egress rules on the device. Cycle power to the device, retry deployment, or replace the device. |
Unable to obtain the device IE support settings for <endpoint name>. | The system encountered a problem with the Ingress/Egress rules on the device. Cycle power to the device, retry deployment, or replace the device. |
Unable to obtain the IE rules for <endpoint name>. | The system encountered a problem with the Ingress/Egress rules on the device. Cycle power to the device, retry deployment, or replace the device. |
Unable to obtain converted IE rules for <endpoint name>. | The system encountered a problem with the Ingress/Egress rules on the device. Cycle power to the device, retry deployment, or replace the device. |